diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index f68a4a3f..5700a04b 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h @@ -47,7 +47,15 @@ enum libwebsocket_write_protocol { LWS_WRITE_PING, LWS_WRITE_PONG, - LWS_WRITE_NO_FIN = 0x40 + /* flags */ + + LWS_WRITE_NO_FIN = 0x40, + /* + * client packet payload goes out on wire unmunged + * only useful for security tests since normal servers cannot + * decode the content if used + */ + LWS_WRITE_CLIENT_IGNORE_XOR_MASK = 0x80 }; struct libwebsocket; diff --git a/lib/parsers.c b/lib/parsers.c index 64d7fb17..a97e75aa 100644 --- a/lib/parsers.c +++ b/lib/parsers.c @@ -1131,19 +1131,27 @@ int libwebsocket_write(struct libwebsocket *wsi, unsigned char *buf, if (wsi->client_mode && wsi->ietf_spec_revision == 4) { - if (libwebsocket_04_frame_mask_generate(wsi)) { - fprintf(stderr, "libwebsocket_write: " - "frame mask generation failed\n"); - return 1; - } - /* - * use the XOR masking against everything we send - * past the frame nonce + * this is only useful for security tests where it's required + * to control the raw packet payload content */ - for (n = 0; n < (len + pre + post); n++) - buf[n - pre] = xor_mask(wsi, buf[n - pre]); + if (!(protocol & LWS_WRITE_CLIENT_IGNORE_XOR_MASK)) { + + if (libwebsocket_04_frame_mask_generate(wsi)) { + fprintf(stderr, "libwebsocket_write: " + "frame mask generation failed\n"); + return 1; + } + + /* + * use the XOR masking against everything we send + * past the frame nonce + */ + + for (n = 0; n < (len + pre + post); n++) + buf[n - pre] = xor_mask(wsi, buf[n - pre]); + } /* make space for the frame nonce in clear */ pre += 4;